Manage users and groups in Helix Core Server

To create Helix DAM users, see Create users.

To perform these tasks on the Helix Core Server side, see the following sections in the Helix Core Server Administrator Guide:

Warning

In Helix Core Server, do not alter or edit groups with a name following any of these conventions in any way:

HTH-//<depot-path>/<repo-path>-<HTH_ACCESS_LEVEL>

HTH-<depotname>-<hth_access_level>

HTH-<company-admin>

Mapping of TeamHub roles to graph depot permissions

In Helix Core Server, you grant permissions to users or groups. In TeamHub, you assign roles. The following table indicates how each TeamHub role is mapped to specific graph depot permissions in Helix Core Server.

TeamHub Role Graph Depot Permission

Admin

admin

Manager

write-all

Master

force-push

delete-repo

create-repo

Developer

delete-ref

create-ref

write-all

Guest

read

For more information on Helix Core Server permissions, see the p4 grant-permission command in the Helix Core Command-Line (P4) Reference.

For more information on TeamHub roles, see the Roles chapter in the Helix TeamHub Help.

Enable synchronization of Helix users in Helix DAM

To automatically give all Helix Core Server users access to Helix DAM, select the check box. To do this, either go to the Helix TeamHub admin UI under Preferences > Helix Core Server > Account and group synchronization, or configure it in the /var/opt/hth/shared/hth.json configuration file.

When the Enable synchronization of Helix users in Helix DAM check box is selected:

  • You cannot give non-Helix Core users access to Helix DAM.

  • You cannot create or deactivate a user manually.

If you do not have enough Helix DAM licenses for all your Helix Core Server users, or if you want to exclude users and groups from accessing Helix DAM, see Including and excluding of Helix Core Server users and groups.

Note

A license is allocated to the p4search-user. To exclude the p4search-user from taking a license, see Including and excluding of Helix Core Server users and groups.

Including and excluding of Helix Core Server users and groups

You may want to include users or groups, or one or more users in a group, that exist in Helix Core Server to be available in Helix DAM, or exclude them from being displayed. To do this, configure the respective keys, either in the TeamHub admin UI under Preferences > Helix Core Server > Account and group synchronization, or in the /var/opt/hth/shared/hth.json configuration file. For details on these keys, see Section: pilsner in the TeamHub configuration section. 

Note
  • TeamHub bots are created as users on the Helix Core Server.
  • The include/exclude configuration applies to bots in the same way as it does for other users.
  • Add the users to the appropriate groups before updating the include/exclude configuration.

  • Update the include/exclude configuration before managing users, bots , and groups in the TeamHub admin UI.

When synchronizing users, TeamHub proceeds in the following order. TeamHub:

  1. Includes direct users and bots
  2. Adds users and bots from groups
  3. Excludes users and bots from groups
  4. Excludes direct users and bots

When synchronizing groups, TeamHub first includes groups and then extracts any groups that are marked as excluded in the configuration.

To include or exclude Helix Core Server users or groups:

  1. In the Preferences view, under Account and group synchronization, enter the name of users or groups as needed.

    For example:

    To include the users called user1 and user2, enter the following in the Include users field: ^(user1|user2)$

    To include users from a group called perforce-group, enter the following in the Include users from groups field: ^perforce-group$

    For details and more examples, see Section: pilsner.

  2. Click Save preferences.

    A warning appears because the changes have not been applied to the TeamHub server yet. Perform the following step to finalize the configuration.

  3. To apply server configuration changes to the TeamHub server, connect to the server via SSH and run the following command:

    sudo hth-ctl reconfigure

  4. After successfully running the reconfigure command, reload the TeamHub admin portal.

    Warning

    Failure to do so may result in normal web server interruption messages, such as the HTTP Error 503. The service is unavailable. error, because the services come back online.

JSON configuration examples

This section includes examples of how to exclude groups and users by editing the pilsner key in the /var/opt/hth/shared/hth.json file. Including or excluding users, users from groups, and groups works exactly the same way, so you can apply the following examples to all cases.

To exclude all groups starting with external- or test- or ending with test:

^(external-|test-).*, test$

To exclude user1 and user2, and any user starting or ending with test:

^(user1|user2)$, test$, ^test

Following is a code snippet from the hth.json file with these values included under the "pilsner" key:

"helix_users_include_regex": "",
"helix_users_exclude_regex": "^(user1|user2)$, test$, ^test",
"helix_users_from_groups_include_regex": "",
"helix_users_from_groups_exclude_regex": "",
"helix_groups_include_regex": "",
"helix_groups_exclude_regex": "^(external-|test-).*, test$"